I have secured my application using the security interceptor using a
custom security object...
<cffunction name="userValidator">
Test if user is logged in
</cffunction>
Now is there any way of creating another custom security object with
different criteria, to secure alternative sections of my
application... for example
<cffunction name="userValidator2">
Check if user is logged in and called john
</cffunction>
On Wed, Jun 17, 2009 at 9:08 PM, namtax<nam...@googlemail.com> wrote:
> Hi there
> I have secured my application using the security interceptor using a
> custom security object...
> <cffunction name="userValidator">
> Test if user is logged in
> </cffunction>
> Now is there any way of creating another custom security object with
> different criteria, to secure alternative sections of my
> application... for example
> <cffunction name="userValidator2">
> Check if user is logged in and called john
> </cffunction>
Also, note that your user validator object can do what YOU need it to do. It
is an entry point for the security. What you do with it, is up to you, so
you can really get creative.
Also, remember that the security rules are basic fields, you can extend
those and add more fields to the rules. You are not restricted.
Luis
On Wed, Jun 17, 2009 at 1:20 PM, Ernst van der Linden <evdlin...@gmail.com> wrote:
> securityrules.xml is used for securing different sections.
> Normally you use ONE Validator object.
> Ernst
So you have to use one validator and then place variables in there
which determine different security criteria?
Essentially what I have done is set up my application so that some
pages can only be accessed if you signed in, but I also want to be
able to secure some pages, so you can only access them if you aren't
logged in... if that makes sense.
I know there must be an easy way of doing this, but can't think at the
moment.
On Jun 17, 10:28 pm, Ernst van der Linden <evdlin...@gmail.com> wrote:
> Remember that the order of the security rules is very important.
> On Wed, Jun 17, 2009 at 11:04 PM, Luis Majano<lmaj...@gmail.com> wrote:
> > Also, note that your user validator object can do what YOU need it to do. It
> > is an entry point for the security. What you do with it, is up to you, so
> > you can really get creative.
> > Also, remember that the security rules are basic fields, you can extend
> > those and add more fields to the rules. You are not restricted.
> > Luis
> > --
> > Luis F. Majano
> > President
> > Ortus Solutions, Corp
> Take a look at the regex comments in securityrules.xml.cfm
> Ernst
> On Fri, Jun 19, 2009 at 4:53 PM, namtax<nam...@googlemail.com> wrote:
> > So you have to use one validator and then place variables in there
> > which determine different security criteria?
> > Essentially what I have done is set up my application so that some
> > pages can only be accessed if you signed in, but I also want to be
> > able to secure some pages, so you can only access them if you aren't
> > logged in... if that makes sense.
> > I know there must be an easy way of doing this, but can't think at the
> > moment.
(there are many ways to store the rules, XML, database, etc, I just
happened to create a query here in my getRules() function, check the
cbSecurity guide)
This rule gets matched when any event in the securelist is called. It
passes the query for the matching rule into the validator to be used.
In the validator you would check what your user's settings are (if
they are logged in via a session or cflogin, what their roles are,
etc) and then check them against the roles and permissions list in the
rule query with your own logic. So, you check the user's roles against
the roles in the rule and see if they match up, if so, you allow the
event with return true, if not, you return false and setNextEvent()
will take the user to the event specified in the redirect column of
the rule.
If a user visits ehGeneral.dspHi it will match the second rule and
send that query to the validator, if they visit ehGeneral.dspHello it
sends the first rule to the validator. In the validator, you then
check session.roles or use the built-in cflogin functions to check the
roles and either return true or false if the user is validated.
For example, if you send in the second rule, your user would have to
be in the "test" role to be validated.
You can also use ColdBox's built-in validation based on cflogin, which
is a very simple example provided in the docs.
Let me know if I can help you out with anything else :)
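Added example, not part of the original thread and not ColdBox's own code: one validator that serves both kinds of rule discussed above, pages that need a logged-in user in a given role and pages that only anonymous visitors may open. Assumptions: the userValidator(rule, messagebox, controller) signature, the matched rule arriving as a struct with a roles key, and the hypothetical names guestOnly (an extra rule field), session.loggedIn and session.roles.

```cfml
<cfcomponent output="false" hint="Single validator used for every security rule">

  <!--- Signature assumed: the interceptor passes in the matched rule and
        expects a boolean back (false leads to the rule's redirect event). --->
  <cffunction name="userValidator" access="public" returntype="boolean" output="false">
    <cfargument name="rule" type="struct" required="true">
    <cfargument name="messagebox" type="any" required="true">
    <cfargument name="controller" type="any" required="true">

    <cfset var role = "">
    <cfset var userRoles = "">
    <!--- session.loggedIn / session.roles are assumed to be set by the login handler --->
    <cfset var loggedIn = structKeyExists(session, "loggedIn")
                          and isBoolean(session.loggedIn) and session.loggedIn>

    <cfif loggedIn and structKeyExists(session, "roles")>
      <cfset userRoles = session.roles>
    </cfif>

    <!--- guestOnly is a hypothetical extra field added to the rule: events such
          as the login form that only visitors who are NOT logged in may open --->
    <cfif structKeyExists(arguments.rule, "guestOnly")
          and isBoolean(arguments.rule.guestOnly) and arguments.rule.guestOnly>
      <cfreturn not loggedIn>
    </cfif>

    <!--- every other rule needs a login first: fail closed --->
    <cfif not loggedIn>
      <cfreturn false>
    </cfif>

    <!--- a rule without roles only asks for a logged-in user --->
    <cfif not structKeyExists(arguments.rule, "roles") or not len(trim(arguments.rule.roles))>
      <cfreturn true>
    </cfif>

    <!--- allow when the user holds any one of the roles listed in the rule --->
    <cfloop list="#arguments.rule.roles#" index="role">
      <cfif listFindNoCase(userRoles, trim(role))>
        <cfreturn true>
      </cfif>
    </cfloop>

    <cfreturn false>
  </cffunction>

</cfcomponent>
```

As noted in the thread, rule order matters, so check that the guest-only rule is not shadowed by a broader rule listed before it.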